BUG: KASAN: slab-out-of-bounds in pfkey_sadb2xfrm_user_sec_ctx net/key/af_key.c:474 [inline] at addr ffff8801cd0f3798
BUG: KASAN: slab-out-of-bounds in pfkey_compile_policy+0x8e6/0xd40 net/key/af_key.c:3303 at addr ffff8801cd0f3798
Read of size 1280 by task syzkaller256823/3255
CPU: 0 PID: 3255 Comm: syzkaller256823 Not tainted 4.9.41-g72a8dae #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c71cf830 ffffffff81d92609 ffff8801da0013c0 ffff8801cd0f3780
 ffff8801cd0f3880 ffffed0039a1e708 ffff8801cd0f3798 ffff8801c71cf858
 ffffffff8153c1bc ffffed0039a1e708 ffff8801da0013c0 0000000000000000
Call Trace:
 [<ffffffff81d92609>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d92609>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff8153c47c>] print_address_description mm/kasan/report.c:198 [inline]
 [<ffffffff8153c47c>] kasan_report_error mm/kasan/report.c:287 [inline]
 [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [<ffffffff8153ca40>] kasan_report+0x20/0x30 mm/kasan/report.c:296
 [<ffffffff8153b387>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
 [<ffffffff8153b387>] check_memory_region+0x137/0x190 mm/kasan/kasan.c:315
 [<ffffffff8153b883>] memcpy+0x23/0x50 mm/kasan/kasan.c:350
 [<ffffffff8356fa06>] pfkey_sadb2xfrm_user_sec_ctx net/key/af_key.c:474 [inline]
 [<ffffffff8356fa06>] pfkey_compile_policy+0x8e6/0xd40 net/key/af_key.c:3303
 [<ffffffff833cac94>] xfrm_user_policy+0x244/0x390 net/xfrm/xfrm_state.c:1900
 [<ffffffff83205ad7>] do_ip_setsockopt.isra.11+0x1977/0x2960 net/ipv4/ip_sockglue.c:1146
 [<ffffffff83206afa>] ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1235
 [<ffffffff83226792>] tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2701
 [<ffffffff82ed1245>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2705
 [<ffffffff82ece1e0>] SYSC_setsockopt net/socket.c:1771 [inline]
 [<ffffffff82ece1e0>] SyS_setsockopt+0x160/0x250 net/socket.c:1750
 [<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801cd0f3780, in cache kmalloc-256 size: 256
Allocated:
PID = 3255
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 xfrm_user_policy+0xa9/0x390 net/xfrm/xfrm_state.c:1889
 do_ip_setsockopt.isra.11+0x1977/0x2960 net/ipv4/ip_sockglue.c:1146
 ip_setsockopt+0x3a/0xb0 net/ipv4/ip_sockglue.c:1235
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2701
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2705
 SYSC_setsockopt net/socket.c:1771 [inline]
 SyS_setsockopt+0x160/0x250 net/socket.c:1750
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 0
(stack is not available)
Memory state around the buggy address:
 ffff8801cd0f3700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff8801cd0f3780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801cd0f3800: 00 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc
                                           ^